Real-Time Prevention of the Kaseya VSA Supply Chain REvil Ransomware Attack

Attacks like this demonstrate the importance of real-time prevention that does not rely on signatures by leveraging zero-trust at the endpoint. As shown in the first screenshot, all components of this attack are signed. This attacker is adept at abusing the implicit trust given to signed processes so their attacks can progress in target environments. Furthermore, detection-centric technology, like EDR, cannot be relied on when malicious activity is present on servers. The attacker is simply too close to their final goal for it to make sense to rely on reactive remediation through human intervention.

Morphisec Keep is built to deal with evasive threats like this automatically, in real time, and without prior knowledge of the attack. Through Morphisec Keep, you can extend your zero-trust strategy beyond identity and the network so that attacks like this one, where the supply chain is compromised, can still be prevented when they can land on the endpoint and make their way into the process memory.

Written by Morphisec Labs | July 5, 2021

Leave a Reply

%d bloggers like this: